You ever download some code or a Visual Studio project from the web then start getting warned that the download might be evil?
When you open a project file that was downloaded from the Internet Zone, you'll get a dialog like this from Visual Studio:
If you're wondering "how does it know?" when your browser downloads something from the net, the zone that it came from gets marked in an Alternate Data Stream within the NTFS file system.
If you use the Streams utility from SysInternals from the command-line you can see the streams on file directly. For example:
Streams v1.56 - Enumerate alternate NTFS data streams Copyright (C) 1999-2007 Mark Russinovich Sysinternals - www.sysinternals.com
C:\DownloadFromTheWeb.zip: :Zone.Identifier:$DATA 24
Even easier, you can right-click on the file and select properties. Notice that "Unblock" button at the bottom of the dialog. Click that, and you're declaring that you trust this file and by removing the alternate stream data you'll not get warned again.
It's not just projects that get these zone ideas, anything downloaded does, including videos, etc. These streams and zone data persist even when you move or rename files so that the system knows where things come from.
Some other programs put stuff in Alternate Data Streams, like older versions of ETrust Anti-Virus. But, after download files, the other most common use of Alternate Data streams is to store the favicon.ico of a URL file on your computer. You know those tiny icons that you see in the address bar when you surf around? Well, if you make a shortcut to a site on your desktop that .URL file will also include a small version of the favicon so you'll still be able to see it when you are offline.
And here's some of the same files using Streams.exe from the command line:
A Whiteboard and Audio Meeting Capture System.url: :favicon:$DATA 894 alastairs's buildprogress at master - GitHub.url: :favicon:$DATA 1150 Introducing Versatile DataSources - Peter and the case of the ASP.NET developer.url: :favicon:$DATA 1406 johnvpetersen's Nerd-Dinner-with-Fluent-NHibernate at m aster - GitHub.url: :favicon:$DATA 1150 jQuery Templates Proposal - jquery - GitHub.url: :favicon:$DATA 1150 metalscroll - Project Hosting on Google Code.url: :favicon:$DATA 1150
As with all things internet, of course, be aware and be smart when you download. Don't just Unblock stuff willy-nilly like me. :)
Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. I am a failed stand-up comic, a cornrower, and a book author.
Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.